airtun-ng

Differences

This shows you the differences between two versions of the page.

airtun-ng [2007/09/18 22:20] – Added troubleshooting info for: error opening tap device: No such file or directory darkaudax
airtun-ng [2009/08/17 00:29] – Add WDS support aspj
Line 10: Line 10:
 Traffic injection can be fully bidirectional if you have the full encyption key. It is outgoing unidirectional if you have the PRGA obtained via [[korek_chopchop|chopchop]] or [[fragmentation]] attacks. The prime advantage of airtun-ng over the other injection tools in the aircrack-ng suite is that you may use any tool subsequently to create, inject or sniff packets. Traffic injection can be fully bidirectional if you have the full encyption key. It is outgoing unidirectional if you have the PRGA obtained via [[korek_chopchop|chopchop]] or [[fragmentation]] attacks. The prime advantage of airtun-ng over the other injection tools in the aircrack-ng suite is that you may use any tool subsequently to create, inject or sniff packets.
  
-Airtun-ng also has repeater and tcpreplay-type functionality.  There is a repeater function which allows you to replay all traffic sniffed through a wireless device (interface specified by -i)at0) and optionally filter the traffic by a bssid together with a network mask and replay the remaining traffic.  While doing this, you can still use the tun interface while repeating.  As well, a pcap file read feature allows you to replay stored pcap-format packet captures just the way you captured them in the first place.  This is essentially tcpreplay functionality for wifi. +Airtun-ng also has repeater and tcpreplay-type functionality.  There is a repeater function which allows you to replay all traffic sniffed through a wireless device (interface specified by -i at0) and optionally filter the traffic by a bssid together with a network mask and replay the remaining traffic.  While doing this, you can still use the tun interface while repeating.  As well, a pcap file read feature allows you to replay stored pcap-format packet captures just the way you captured them in the first place.  This is essentially tcpreplay functionality for wifi.
- +
-Airtun-ng only runs on linux platforms. +
  
 +Airtun-ng only runs on linux platforms and does support WDS if you have a pretty recent version (svn rev 1624?).
  
 ===== Usage ===== ===== Usage =====
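Review bot: The added sentence "does support WDS if you have a pretty recent version (svn rev 1624?)" publishes an unverified revision number, question mark included. Confirm which revision introduced WDS support and state it plainly, or name the first release that carries it, and replace "pretty recent" with that concrete reference. While this paragraph is being touched, the unchanged context line above still spells "encyption" for "encryption".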
Line 20: Line 18:
  usage: airtun-ng <options> <replay interface>  usage: airtun-ng <options> <replay interface>
  
-      *-x nbpps  : maximum number of packets per second (optional) +      *-x nbpps : maximum number of packets per second (optional) 
-      *-a bssid  : set Access Point MAC address (mandatory) +      *-a bssid : set Access Point MAC address (mandatory) 
-      *-i iface  : capture packets from this interface (optional) +      *-i iface : capture packets from this interface (optional) 
-      *-y file   : read PRGA from this file (optional / one of -y or -w must be defined)+      *-y file : read PRGA from this file (optional / one of -y or -w must be defined)
       *-w wepkey : use this WEP-KEY to encrypt packets (optional / one of -y or -w must be defined)       *-w wepkey : use this WEP-KEY to encrypt packets (optional / one of -y or -w must be defined)
-      *-t tods   : send frames to AP (1) or to client (0) (optional / defaults to 0) +      *-t tods : send frames to AP (1) or to client (0) (optional / defaults to 0) 
-      *-r file          : read frames out of pcap file (optional)+      *-r file : read frames out of pcap file (optional)
  
 Repeater options (the following all require double dashes): Repeater options (the following all require double dashes):
-  *- -repeat         : activates repeat mode.  Short form -f. +  *- -repeat : activates repeat mode.  Short form -f. 
-  *- -bssid <mac>    : BSSID to repeat.  Short form -d.+  *- -bssid <mac> : BSSID to repeat.  Short form -d.
   *- -netmask <mask> : netmask for BSSID filter.  Short form -m.   *- -netmask <mask> : netmask for BSSID filter.  Short form -m.
- 
  
 ===== Scenarios ===== ===== Scenarios =====
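Review bot: The repeater options are still written "- -repeat", "- -bssid <mac>" and "- -netmask <mask>", with a space between the two dashes, directly under the sentence saying they require double dashes. A reader copying them as shown will not get the double-dash form that sentence describes. Since this hunk already edits two of those lines for spacing, write them as literal "--repeat", "--bssid" and "--netmask" in markup the wiki renders verbatim.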
Line 56: Line 53:
    ifconfig at0 up    ifconfig at0 up
  
-This interface (at0) will receive a copy of every wireless network packet. The packets will have been decrypted with the key you have provided.  At this point you may any tool to sniff and analyze the traffic.  For example, tcpdump or snort.+This interface (at0) will receive a copy of every wireless network packet. The packets will have been decrypted with the key you have provided.  At this point you may any tool to sniff and analyze the traffic.  For example, tcpdump, wireshark or snort.
  
 ==== WEP injection ==== ==== WEP injection ====
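Review bot: The edited sentence still reads "At this point you may any tool to sniff and analyze the traffic", with the verb missing. Since the line is being changed to add wireshark, fix it in the same edit: "you may use any tool". The following fragment "For example, tcpdump, wireshark or snort." would also read better joined to that sentence.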
Line 134: Line 131:
  
 At this point, any packets for the AP (00:14:6C:7E:40:80) from the ath0 interface will be repeated and sent out on the wlan0 interface. At this point, any packets for the AP (00:14:6C:7E:40:80) from the ath0 interface will be repeated and sent out on the wlan0 interface.
- 
  
 ==== Packet Replay Mode ==== ==== Packet Replay Mode ====
Line 165: Line 161:
  
 You can also inject management and control frames.  This can be done by putting a PCAP file together of frames to be sent, or just using a capture you made before and by replaying the whole file using airtun-ng. You can also inject management and control frames.  This can be done by putting a PCAP file together of frames to be sent, or just using a capture you made before and by replaying the whole file using airtun-ng.
- 
  
 ===== Usage Troubleshooting ===== ===== Usage Troubleshooting =====
- +==== I can't find the airtun-ng tool! ====
-===== I can't find the airtun-ng tool! =====+
 Windows platforms - "I can't find the airtun-ng tool!" Answer:  airtun-ng only runs on linux. Windows platforms - "I can't find the airtun-ng tool!" Answer:  airtun-ng only runs on linux.
  
- +==== Error opening tap device: No such file or directory ====
-===== error opening tap device: No such file or directory =====+
  
 When you run airtun-ng, you get a message similar to "error opening tap device: No such file or directory". When you run airtun-ng, you get a message similar to "error opening tap device: No such file or directory".
Line 179: Line 172:
 Make sure you have the OpenVPN package installed and run: Make sure you have the OpenVPN package installed and run:
  
-   modprobe tun+ modprobe tun
  
 This loads the "tun" module.  You can confirm it is loaded by running "lsmod | grep tun" If it does not load or there are problems, running "dmesg" and reviewing the end should show errors, if any. This loads the "tun" module.  You can confirm it is loaded by running "lsmod | grep tun" If it does not load or there are problems, running "dmesg" and reviewing the end should show errors, if any.
- 
- 
- 
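Review bot: The "modprobe tun" line goes from three leading spaces to one. The other command lines on this page ("usage: airtun-ng ...", "ifconfig at0 up") keep two or more spaces of indent, which is what DokuWiki needs to render a line as preformatted text, so with a single space the command will likely be rendered as ordinary paragraph text. Keep at least two leading spaces. The context line below also lacks a full stop after "lsmod | grep tun" before "If it does not load".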
airtun-ng.txt · Last modified: 2015/04/12 23:15 by mister_x